AES-Rijndael with ActionScript and ASP.Net
Cristian Merighi ()

An useful example about how to pass encrypted data between a Flash object and a server side application developed with .Net technology using the Rijndael/AES algorithm.
This article is obsolete. Some functionalities might not work anymore. Comments are disabled.
In these days I'm working on an online application which consists in a flash game and a related managed skill contest whose
final result is a standing with the ten top scorers.
These ten top scorers will receive a very nice prize as the contest will be over...
One of the most asked, requested, wanted among the features for this application was security! (ok, I know, that's a basis, but in this case more
than usual because of the prize money)
The crucial point of weakness in this application is the passing of data between the flash game (client side) and the application logic (server side).
We wanted to avoid that malicious users coould sniff, post, force data so that they could fix the standings.
The answer to this request pointed to data encryption!
We know it is impossible to avoid that a user grabs its own http data, but we want to assure he cannot read it in order to reproduce fake posts.
The .Net Framework is pretty rich in encryption API's (and with the future versions it will be even richer, take a look at what's coming with the
next Orcas CTP),
but tha ActionScript APIs lack in it...
Thanks to Mika Palmu who has built up a very useful package
of ActionScript 2.0 classes focused on cryptography, we can accomplish the mission with relative ease...
Here's a working swf to summarize the workflow:
Here's the core ActionScript used in order to encrypt the input string:
var aesMode:String = "ECB";
var aesKey:String = "01230123012390129012901A";
var aes:it.pacem.Rijndael = new it.pacem.Rijndael(192, 128);
cipher_txt.text = aes.encrypt(plain_txt.text, aesKey, aesMode);
Here's the core C# used in order to decrypt the cipher text:
MemoryStream msDecrypt = null;
CryptoStream csDecrypt = null;
StreamReader srDecrypt = null;
System.Security.Cryptography.RijndaelManaged aesAlg = null;
string plaintext = null;
try
{
aesAlg = new System.Security.Cryptography.RijndaelManaged();
aesAlg.Key = "01230123012390129012901A";
aesAlg.Mode = CipherMode.ECB;
aesAlg.Padding = PaddingMode.Zeros;
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
msDecrypt = new MemoryStream(cipherText);
csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
srDecrypt = new StreamReader(csDecrypt);
plaintext = srDecrypt.ReadToEnd();
}
finally
{
if (srDecrypt != null)
srDecrypt.Close();
if (csDecrypt != null)
csDecrypt.Close();
if (msDecrypt != null)
msDecrypt.Close();
if (aesAlg != null)
aesAlg.Clear();
}
For the specifications about the Rijndael/AES Algorithm please refer to the official AES Standard (FIPS PUB 197) and to the
System.Security.Cryptography.RijndaelManaged MSDN reference.
« download AES Standard (FIPS PUB 197) in PDF format
« download code
Take care. Bye.